Monday, April 14, 2014

XenServer 6.2, Dell OpenManage and SNMP

I've written before about XenServer 6.1, Dell OpenManage and SNMP. I'm happy to report that the exact same steps also work on XenServer 6.2 SP1.

Thursday, March 20, 2014

Guest network with authentication on a Cisco ASA 5505

In case you need to set up an isolated network gut guest access on an ASA, here is a quick guide how to do that. The goal is to have HTTP authentication on the ASA itself before any network traffic is allowed and to isolate the guest-network from any other networks.

Tuesday, July 9, 2013

rancid and relays using usercmd patch

As I've blogged before, rancid is a really awesome new cisco config differ.
I monitor about 100 devices, and all was well so far.
Now I've come across a device that I can't reach directly from my rancid host. It's not possible to create a direct network connection, or to use ssh tunnels or netcat to forward those ports using a relay host.
Instead I found a much simpler and more elegant solution. Albeit this involves patching rancid.

Monday, July 1, 2013

TortoiseSVN 1.8.0 and NTLM Authentication on Windows

Subversion 1.8.0 was released recently, and my favorite svn client was updated, too. I had hoped this update to go down smooth, just like going from 1.6 to 1.7 in the past.
This time around there are some authentication issues it seems. TortoiseSVN has dropped neon and relies now solely on serf to handle HTTP(S) authentication.

The release notes mention some server-side configuration changes for optimal performance, but they fail to mention that serf doesn't play nice with NTLM authentication. It does work well with Kerberos though.

So, if you've set up Apache like I described here or here, just add this line to make Kerberos the default and have  TSVN 1.8.0 play nice with single-sign-on.
SSPIPackage Negotiate
This will change the default authentication schema (NTLM) to Kerberos. This will cause TortoiseSVN < 1.8 to prompt for username and password, because the underlying neon library cannot handle Kerberos. TortoiseSVN 1.8 and later will be fine though.
You can force older clients to use serf for specific servers though. I've previously written about it here.

There is a big discussion going on in the subversion-dev mailing list about how to best fix this behavior. It is expected that TortoiseSVN 1.8.1 will include a fix for this issue.

This issue and the fact that most SVN tools still haven't been built on top of subversion 1.8 means that you should stay on TortoiseSVN 1.7.x for now.

Tuesday, June 25, 2013

CollabNet Subversion Edge 4.0 with SSPI WSGI and trac

CollabNet released Subversion Edge 4.0 recently, as they've written here. As you know I've been using this to host our Subversion and trac server. I've made a few tweaks and additions but I've never had any issues with updating Subversion Edge. Until now, that is.